Method of making a user piece of software secure by means of a processing and secret memorizing unit, and a system constituting an application thereof

ABSTRACT

The invention provides a method of making a user piece of software secure by means of a user processing and memorizing unit ( 11   u ) containing at least one user secret (S u ). 
     According to the invention, the method consists in:
         making a user piece of software and modified data (D′) available to a user; and   in a stage of running the user piece of software with the associated modified data (D′), enabling the user possessing the user unit ( 11   u ) to recover the original data (D) from the modified data (D′).

TECHNICAL FIELD

The present invention relates to the technical field of data processing systems in the broad sense and more particularly, it relates to means for making secure the use of a program or piece of software operating on said data processing systems.

More particularly, the subject matter of the invention relates to means for making a user piece of software secure by means of a processing and secret memorizing unit, commonly referred to as a “smart card”.

PRIOR ART

In the above technical field, the main drawback relates to unauthorized use of a piece of software by users who have not paid a license fee. Such illegal use of a piece of software is clearly detrimental for publishers and distributors of software. To avoid such illegal copies, various solutions for protecting a piece of software have been proposed in the state of the art. Thus, one known solution consists in making use of a hardware protection system, such as a physical element known as a protective key or “dongle”. Such a protective key is intended to guarantee to the publisher of the piece of software that the piece of software is executed solely when in the presence of the key.

Unfortunately, it has been found that that solution is ineffective since it suffers from the drawback of being easily overcome. By using specialized tools such as disassemblers, a dishonest user or “pirate” can remove the dongle-checking instructions. It then becomes possible to make illegal copies corresponding to versions of the piece of software that have been modified so that they no longer have any protection. In addition, that solution cannot be generalized to all software insofar as it is difficult to connect more than two such protective keys on the same machine.

Patent application No. EP 0 191 162 describes a method for encrypting a piece of software so as to avoid unauthorized use. Such a method consists in encrypting the program by means of a unique key, in storing the encrypted program on a medium for distribution purposes, and in executing the program on a computer having protected memory and protected cryptographic means including a secret key that is unique for that computer. The method consists in providing the user of the program with a unique secret password that depends on the key of the program and on the key of the computer so that the computer can decrypt and execute the program in its protected memory. In a second implementation, a smart card possessing a unique key can be associated with the computer so that under such circumstances the unique secret password supplied to the user depends on the key of the program and on the key of the smart card.

The major drawback of that method is the need to use a computer having protected memory in order to run the program. Standard computers do not have protected memory, thus considerably limiting the popularity of that method.

Another drawback is that implementing it requires the user to apply to a password distribution center for the password that corresponds to the program and that depends on the user's computer or smart card.

Another drawback of that method is that it needs as many secrets as there are smart cards and it requires the password distribution center to manage all of those secrets.

SUMMARY OF THE INVENTION

The invention seeks to remedy the drawbacks of the prior art by proposing a method for making a user piece of software secure by means of a processing and secret memorizing unit, which method is designed for implementation on a standard computer and does not require the user to make any application to a password distribution center.

To achieve such an object, the method of the invention seeks to make a user piece of software secure from a reconstitution processing and memorizing unit including at least one reconstitution secret, said piece of software operating on an application data processing system.

According to the invention, the method consists:

-   -   in a stage of generating modified data:         -   and in a substage of creating data, in using a generation             piece of software to establish “original” data associated             with the user piece of software;         -   and in a modification substage, in using a generation secret             and at least a portion of the associated original data to             determine modified data;     -   in a stage of making available, distributing the user piece of         software and the associated modified data to a user; and     -   in a stage of using the user piece of software together with the         associated modified data on a user system, and in a substage of         reconstituting the original data;         -   for a user possessing a reconstitution unit including a             reconstitution secret in:             -   selecting an input parameter constituted by at least a                 portion of the modified data;             -   transferring the input parameter from the user system to                 the reconstitution unit;             -   enabling the reconstitution unit to determine at least                 one output parameter on the basis of the reconstitution                 secret and the input parameter;             -   transferring the output parameter from the                 reconstitution unit to the user system; and             -   running at least one reconstitution function making use                 of at least a portion of the output parameter to obtain                 the original data; and         -   for a user not possessing the reconstitution unit, in             allowing the user piece of software to be used at best with             the modified data.

The method of the invention thus makes it possible for a user piece of software to be made secure by implementing a reconstitution processing and secret memorizing unit, which method presents the feature of keeping the information confidential even after the secret has been used on several occasions. It can thus be seen that any derivative version of the piece of software attempting to operate without said specific unit is incapable of making use of data produced by a generation piece of software insofar as the reconstitution secret contained in the reconstitution processing and memorizing unit is out of reach. The use of a generation secret makes it possible to modify the data storage format in a manner that is not predictable so that the use of modified data cannot achieve proper operation of the piece of software unless the user possesses the reconstitution secret. The subject matter of the invention is particularly advantageous for use with piece of software associated with frequent distribution of libraries in the general sense, having content that constitutes data in need of protection, such as encyclopedias or games, for example.

Various other characteristics appear from the following description made with reference to the accompanying drawings which show implementations of the invention as non-limiting examples.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram of hardware enabling the invention to be implemented during a first stage, i.e. a stage of generating modified data.

FIG. 2 is a diagram showing hardware enabling the invention to be implemented during a third stage, i.e. the usage of the user piece of software together with its modified data.

FIGS. 3 to 6 are block diagrams explaining how modified data is used in association with a piece of software, in various implementations.

BEST METHOD OF PERFORMING THE INVENTION

The method of the invention comprises a first step or stage for generating modified data during which modified data is generated from original data that is to be protected and that is associated with a user piece of software. The method of the invention further comprises a second step or stage of making the piece of software and the associated modified data available to a user, and a third step or stage of use during which the user piece of software is used together with the associated modified data.

FIG. 1 shows generation apparatus 1 _(g) for implementing the stage of generating modified data in the method of the invention. This generation apparatus 1 _(g) is adapted to make use of a generation piece of software 2 _(g) for generating modified data and whose function is described more clearly below. In the embodiment shown, the generation apparatus 1 _(g) comprises a “generation” data processing system 3 _(g) of any conventional type, referred to as the generation system 3 _(g) in the description below. In the example described, the generation system 3 _(g) comprises a computer, but it must be understood that such a generation system 3 _(g) could form an integral portion of a variety of kinds of apparatus in the broad sense. In the example described, the generation system 3 _(g) comprises at least one processor 4 _(g), at least one working memory 5 _(g), at least one data storage medium 6 _(g), and at least one input/output interface circuit 7 _(g). Conventionally, the various components of the generation system 3 _(g) are interconnected by means of a communication bus 8 _(g).

In a first variant embodiment, the interface circuit 7 _(g) is connected to a reader 10 _(g) for reading a “generation” processing and memorizing unit 11 _(g) that contains at least one generation secret S_(g). In this example, the generation unit 11 _(g) is designed to be written to or read by the reader 10 _(g), but it must be understood that such a generation unit 11 _(g) could be in the form of any type of hardware key, connected to an input/output circuit, directly to the communication bus 8 _(g), or any communication means such as a wireless link, for example. In general, the generation unit 11 _(g) contains at least one generation secret S_(g) or one device for storing encoded information, at least algorithmic means for processing data, and at least a system for exchanging data between the generation unit 11 _(g) and the generation system 3 _(g). Conventionally, the generation unit 11 _(g) is implemented as a smart card.

In a second embodiment, the generation secret S_(g) is a parameter of the generation piece of software 2 _(g).

Such generation apparatus 1 _(g) enables a data creation substage to be performed. During this substage, it is established for the user piece of software 2 _(u), associated “original” data D. The original data D is to be associated with the user piece of software 2 _(u) when the piece of software is in use, and it constitutes data that needs to be protected because of its economic value. By way of example, the original data D can constitute a library associated with an encyclopedia software or game scenes associated with a gaming software.

On the basis of at least a portion of the original data D, the method implements a modification substage of computing modified data D′ by using a generation secret S_(g). Both the original and modified versions of the data D and D′ are obtained by means of a generation piece of software 2 _(g) in the broad sense. In a first variant, the generation secret S_(g) can be included in a generation processing and memorizing unit 11 _(g). When the generation secret S_(g) is not known, the use of such a generation unit 11 _(g) makes it difficult or even impossible to deduce the modified data D′ from the original data D, even for the person who generated the modified data associated with the piece of software. In a second variant, the generation secret S_(g) can be associated directly with the generation piece of software 2 _(g), so that it remains secret except for the software developer(s).

This stage of generating modified data is followed by a stage of making it available, in which the modified data D′ is supplied to users in association with user piece of software 2 _(u). Thus, at the end of the data generation stage, the user piece of software 2 _(u) is made available to at least one user together with modified data D′ as obtained from a generation secret S_(g) and at least a portion of the original data D associated with the user piece of software 2 _(u).

Such user piece of software together with its modified data D′ can then be used by at least one user during a utilization or “use” stage. This use stage comprises a “functional” substage during which the user makes use of the functionalities of the piece of software, and a substage of reconstituting original data D. During the reconstitution substage, each user provided with a reconstitution secret associated with the user piece of software 2 _(u) can perform the inverse modification, i.e. can decode the modified data D′ so as to recover and then use the original data D. It should be understood that the modified data D′ is translated back by the user piece of software 2 _(u) in order to recover or reconstitute the original data D when the reconstitution secret S_(u) is present.

FIG. 2 shows user apparatus 1 _(u) enabling the third stage of the method of the invention to be implemented. In the implementation shown, the user device 1 _(u) comprises a user data processing system 3 _(u) of any conventional type, referred to as the user system 3 _(u) in the description below. In this example, the user system 3 _(u) constitutes a computer, but it must be understood that such a user system 3 _(u) could form an integral portion of various machines, devices, or vehicles in the broad sense. In the present example, the user system 3 _(u) comprises at least one processor 4 _(u), at least one working memory 5 _(u), at least one data storage medium 6 _(u), and at least one input/output interface circuit 7 _(u). Conventionally, the various components of the user system 3 _(u) are interconnected by means of a communication bus 8 _(u). The interface circuit 7 _(u) is connected to a reader 10 _(u) for reading a reconstitution processing and memorizing unit 11 _(u) that contains at least one reconstitution secret S_(u). In the example shown, this reconstitution processing and memorizing unit 11 _(u), referred to as the reconstitution unit 11 _(u) in the description below, is designed to be written to or read from by the reader 10 _(u), but it must be understood that such a reconstitution unit 11 _(u) can be implemented in the form of any type of hardware key connected to an input/output circuit, directly to the communication bus 8 _(u), or via or any other communication means, such as a wireless link, for example. In general, the reconstitution unit 11 _(u) contains at least one reconstitution secret S_(u) or one device for storing encoded information, at least algorithmic data processing means, and at least a system for exchanging data between the reconstitution unit 11 _(u) and the user system 3 _(u). Conventionally, the reconstitution unit 11 _(u) is implemented as a smart card.

FIG. 3 shows a first variant implementation of the method of the invention enabling the modified data D′ to be translated back again so as to recover or reconstitute the original data D, by implementing the user apparatus 1 _(u). The method consists in selecting at least one input parameter P_(e) for the reconstitution unit 11 _(u). This input parameter P_(e) is constituted by at least a portion of the modified data D′. The input parameter P_(e) is transferred from the user system 3 _(u) to the reconstitution unit 11 _(u). The reconstitution unit 11 _(u) determines at least one output parameter P_(s) on the basis of at least one reconstitution secret S_(u) and the input parameter P_(e).

It should be observed that the reconstitution secret S_(u) can be constituted either by at least one secret function which generates the output parameter P_(s) from the input parameter P_(e), or by at least one piece of secret information together with at least one optionally known conversion function enabling the output parameter P_(s) to be derived from the input parameter P_(e) and the secret information. When the reconstitution secret is not known, the use the reconstitution unit 11 _(u) makes it difficult or even impossible to deduce the output parameter P_(s) from the input parameter P_(e).

Thereafter, the reconstitution unit 11 _(u) transfers the output parameter P_(s) to the user system 3 _(u). Such a user system 3 _(u) performs at least one reconstitution function F_(u) which uses at least a portion of the output parameter P_(s) to obtain the original data D.

In a preferred example of the variant shown in FIG. 3, the input parameter P_(e) is equal to the modified data D′, while the output parameter P_(s) is equal to the reconstituted original data D. During the stage of generating the modified data, the generation secret S_(g) performs a transformation function that is the inverse of the reconstitution secret S_(u), i.e. its input parameter is equal to the original data D, while the output parameter from the generation unit is equal to the modified data D′.

It can thus be seen that a holder of a reconstitution unit 11 _(u) associated with a particular user piece of software 2 _(u) can recover and use the original data D associated with said piece of software. Using the user piece of software 2 _(u) in the presence of the specific reconstitution unit 11 _(u) makes it possible to translate the modified data D′ associated with said piece of software 2 _(u) so as to obtain the original data D. However, a user who does not possess the reconstitution unit 11 _(u) corresponding to the user piece of software 2 _(u) can use said piece of software, but only without the original data D, or at best with the modified data D′.

Furthermore, the method of the invention is genuinely effective even if its reconstitution function F_(u) is known and if the input and output parameters P_(e) and P_(s) can be observed and modified by a dishonest person, providing the reconstitution secret S_(u) is itself kept secret. A dishonest person will not be capable of discovering how data D′ is to be modified to obtain data D without help from the reconstitution unit 11 _(u).

A dishonest person might attempt to modify the user piece of software 2 _(u) so that it no longer needs the corresponding reconstitution unit 11 _(u). To do this, it must begin by having the specific reconstitution unit 11 _(u) available. Thereafter, the dishonest person must list all of the modified data D′ in order either to draw up a correspondence table between all of the input parameters P_(e) and the output parameters P_(s) and then generate a pseudo-simulator of the reconstitution unit 11 _(u), or else reconstitute all of the original data D and then set out to distribute a new user piece of software 2′_(u), including the reconstituted original data instead of the modified data, thus making it possible to omit the stage of reconstituting or translating the modified data in the reverse direction. However such a task is difficult because of the large quantity of original data.

In the embodiment shown in FIG. 3, the modified data D′ is transferred in full to the reconstitution unit 11 _(u). To increase the speed of such apparatus, FIGS. 4 to 6 describe preferred variants of the security method of the invention.

FIG. 4 shows a second variant of the stage in which the user piece of software 2 _(u) is used with the modified data. In this example, the modified data D′ is split up into at least a first portion D′₁ and a second portion D′₂. At least the first portion D′₁ of the modified data is selected as the input parameter P_(e). This input parameter P_(e) is transferred to the reconstitution unit 11 _(u) which, with the help of the reconstitution secret S_(u), determines an output parameter P_(s). The reconstitution unit 11 _(u) transfers the output parameter P_(s) to the user system 3 _(u). The user system 3 _(u) runs a reconstitution function F_(u) which includes an inverse translation function T_(i) which serves to recover or reconstitute the original data D on the basis of at least a part of the output parameter P_(s) and the second portion D′₂ of the modified data D′.

In a preferred implementation of the variant shown in FIG. 4, the first portion and the second portion of the modified data D′ are selected respectively to be a pseudo-random number as selected during the generation stage, and to be original data as modified during the generation stage and referred to as modified original data D′₂. The pseudo-random number is used as the input parameter P_(e) and is transformed by the reconstitution secret S_(u) to obtain the output parameter P_(s). The inverse translation function T_(i) takes the output parameter P_(s) and the modified original data D′₂ and serves to obtain the original data D therefrom. In the stage of generating modified data that corresponds to this preferred implementation, a pseudo-random number is selected as an input parameter for the generation secret S_(g) which delivers a generation output parameter. Such an output parameter is used to modify the original data D by means of a translation function T so as to obtain the modified original data. The modified original data in association with the pseudo-random number then constitutes the modified data D′. Naturally, the inverse translation function T_(i) is constituted by the function which is the inverse of the translation function T or by a combination of equivalent individual functions.

In the variant shown in FIG. 4, the way in which the original data D is modified is entirely independent of said data D.

FIG. 5 shows a third variant for the stage of using the user piece of software 2 _(u) with the modified data D′. In this variant the modified data D′ is constituted by a first portion D₁ and by a second portion D′₂. At least a fraction of the first portion D₁ which corresponds to the input parameter P_(e) is transferred to the reconstitution unit 11 _(u) which determines an output parameter P_(s) with the help of the reconstitution secret S_(u). The output parameter P_(s) is transferred to the user system 3 _(u) which implements a reconstitution function F_(u) including an inverse translation function T_(i) which enables the original second portion D₂ of the data to be recovered or reconstituted by using at least part of the output parameter P_(s) and the second portion D′₂ of the data. The reconstitution function F_(u) also delivers the first portion D₁ of the original data which, when associated with the second portion D₂, makes up the original data D.

In a preferred implementation of the FIG. 5 variant, the first portion D₁ corresponds to a portion of the original data, while the second portion D′₂ corresponds to the other portion of the original data which was modified during the generation stage and which is referred to as the modified second portion D′₂ of the data. The first portion D₁ of the original data is transformed by the reconstitution secret S_(u) in order to obtain the output parameter P_(s). The reconstitution function F_(u) also includes an inverse translation function T_(i) which serves to recover the second portion D₂ of the original data from the output parameter P_(s) and the modified second portion D′₂ of the data. In addition, the reconstitution function F_(u) is also adapted to deliver the first portion D₁ of the original data which, in combination with the second portion D₂ of the original data serves to make up the original data D. In the generation stage corresponding to this preferred embodiment, the original data D is divided into a first portion D₁ and a second portion D₂. At least a part of the first portion D₁ is used as the input parameter for the generation secret S_(g) which delivers a generation output parameter. At least a part of the generation output parameter is used by a translation function forming a portion of the generation function to translate the second portion D₂ of the original data in order to obtain a modified second portion D′₂ of the data. This modified second portion D′₂ of the data is associated with the first portion D₁ of the original data in order to make up the modified data D′.

In this variant, the way in which the original data D is modified depends solely on said data D.

FIG. 6 shows a fourth variant implementation of the user piece of software 2 _(u) using modified data D′. In this example, the modified data D′ comprises a first portion D₁, a second portion D′₂, and a third portion D₃. The input parameter P_(e) is constituted by at least a part of the first portion D₁ and a part of the third portion D₃. The input parameter P_(e) is transferred to the reconstitution unit 11 _(u) which determines an output parameter P_(s) using a reconstitution secret S_(u). The output parameter P_(s) is transferred to the user system 3 _(u) which implements a reconstitution function F_(u) comprising an inverse translation function T_(i) which enables the original second portion P₂ of the data to be recovered or reconstituted by using at least a part of the output parameter P_(s) and the second portion D′₂ of the data. The reconstitution function F_(u) also delivers the first portion D₁ of the original data which, when associated with the original second portion D₂ of the data makes up the original data D.

In a preferred embodiment of the FIG. 6 variant, the third portion D₃ corresponds to a pseudo-random number selected during the generation stage, while the first portion D₁ corresponds to a portion of the original data D, and the second portion D′₂ corresponds to the remainder of the original data after modification during the generation stage and referred to as the modified second portion D′₂ of the data. At least a part of the first portion D₁ of the original data and at least a part of the pseudo-random number together make up the input parameter P_(e) which is transformed by the reconstitution secret S_(u) to obtain the output parameter P_(s). The reconstitution function F_(u) also comprises an inverse translation function T_(i) which serves to recover or reconstitute the second portion D₂ of the original data from the output parameter P_(s) and the modified second portion D′₂ of the data. The reconstitution function F_(u) is also adapted to deliver the first portion D₁ of the data which, when associated with the second portion D₂ of the original data, makes up the original data D. In the generation stage corresponding to this preferred implementation, the original data D is subdivided into first and second portions D₁ and D₂, and a pseudo-random number is selected to constitute the third portion D₃. At least a part of the first portion D₁ of the data and at least a part of the pseudo-random number are used as input parameters for the generation secret S_(g) which delivers a generation output parameter. At least a part of the generation output parameter is used by a generation function to translate the second portion D₂ of the original data in order to obtain a modified second portion D′₂ of the data. The pseudo-random number D₃ and the first portion D₁ of the original data are associated with said modified second portion D′₂ so as to make up the modified data D′.

In this variant, the way in which the original data D is modified depends simultaneously on said data D itself and also on a pseudo-random number.

In a preferred variant associated with the examples described with reference to FIGS. 5 and 6, the first portion D₁ of the data for transfer to the reconstitution unit 11 _(u) is processed so as to facilitate the processing operations performed by the reconstitution unit 11 _(u). This portion D₁ of the data is thus delivered to the input of at least one intermediate user translation function H_(u) such as a non-invertible function, e.g. of the “one-way hash” type so as to obtain at least one intermediate input parameter P_(ei). This intermediate input parameter P_(ei) as determined by the user system 3 _(u) is optionally combined with the third portion P₃ to form the input parameter P_(e). The input parameter P_(e) is transferred to the reconstitution unit 11 _(u) so that the reconstitution unit can determine the output parameter P_(s) on the basis of the reconstitution secret S_(u), the intermediate input parameter P_(ei), and optionally the third portion D₃.

Naturally, during the stage of generating the modified data D′, the generation system implements at least one generation intermediate translation function so as to obtain at least one generation intermediate input parameter.

In the examples shown in FIGS. 5 and 6, it can be seen that in use the original data D is obtained by means of a processing step implementing the reconstitution unit 11 _(u). Naturally, provision can be made for this processing step to be repeated n times in order to increase the complexity with which data is coded. Thus, the following operations can be repeated as often as necessary, namely:

-   -   subdividing the previously obtained data into at least first and         second portions;     -   determining at least one output parameter from a function of a         portion of the data and one or more reconstitution secrets         different from or identical to the previously used secret(s);     -   modifying at least one of the other portions of the data by         means of a translation function identical to or different from         the previously used function; and     -   reconstituting data after each data processing stage.

In this implementation, during the modification substage, the data generation steps are performed in the reverse order, the same number n of times as the number of steps that are performed during the reconstitution substage.

In a preferred variant in accordance with FIGS. 5 and 6, the modified data D′ is made up of at least two portions D′₁, D′₂, of substantially equivalent size. In a first processing step, the second portion D′₂ is used as an input parameter for the reconstitution unit 11 _(u) in order to recover the first portion D₁ of the original data. After a first processing step, intermediate data is obtained that is constituted by at least the first portion D₁ of the original data and the modified second portion D′₂ of the data. In a second processing step, the roles of the portions D₁ and D′₂ are interchanged. Thus, at least the first portion D₁ of the data is used as an input parameter for the reconstitution unit 11 _(u) while the modified second portion D′₂ of the original data is modified by a translation function in order to recover the second portion D₂ of the original data. It follows that all of the original data D is reconstituted after all of the modified data D′ has been decoded. Naturally, during the modification substage, reverse operations are performed to encode or modify all of the original data D.

According to a preferred implementation characteristic of the invention, the modified data D′ is written or recorded on the data storage medium 6 _(u) which is associated with the user system 3 _(u) to enable the modified data D′ to be used when running the user piece of software 2 _(u). Naturally, the data storage medium 6 _(u) can be constituted in any known manner, for example as a hard disk, a magnetic tape, a CD-ROM, or any other storage device used for the purposes of storing or transmitting such data.

The method of the invention as described above can be implemented with a variety of reconstitution functions F_(u) depending on the objectives of the publisher of the protected user piece of software. For example, the reconstitution function F_(u) can include an encrypting function. Under such circumstances, the translated data will be manifestly incomprehensible. In another implementation, the reconstitution function F_(u) can be a function that implements minor pseudo-random modification to the digits contained in the original data. This enables the user of pirated piece of software 2′_(u) to use the data that is associated with the original version of the piece of software, but that will lead to the pirated piece of software 2′_(u) operating erroneously. 

1. A method of making a user piece of software secure by means of a user processing and memorizing unit containing at least one reconstitution secret, said piece of software operating on a user data processing system, and the method comprising the following steps: (a) in a stage of generating modified data: (1) and in a substage of creating data, using a generation piece of software to establish original data associated with the user piece of software; (2) and in a modification substage, using a generation secret and at least a portion of the associated original data to determine modified data; (b) in a stage of distribution, distributing the user piece of software and the associated modified data to a user; and (c) in a stage of using the user piece of software together with the associated modified data on a user system, and in a substage of reconstituting the original data; (1) for a user possessing a reconstitution unit including a reconstitution secret: (i) subdividing the modified data into at least a first portion and a second portion; (ii) selecting the first portion of the modified data as an input parameter; (iii) transferring the input parameter from the user system to the reconstitution unit; (iv) enabling the reconstitution unit to determine at least one output parameter on the basis of the reconstitution secret and the input parameter; (v) transferring the output parameter from the reconstitution unit to the user system; and (vi) running at least one reconstitution function making use of at least a portion of the output parameter and the second portion of the modified data to obtain the original data; and (2) for a user not possessing the reconstitution unit, allowing the user piece of software to be used at best with the modified data.
 2. A method of making a user piece of software secure by means of a user processing and memorizing unit containing at least one reconstitution secret, said piece of software operating on a user data processing system, and the method comprising the following steps: (a) in a stage of generating modified data: (1) and in a substage of creating data, using a generation piece of software to establish original data associated with the user piece of software; (2) and in a modification substage, using a generation secret and at least a portion of the associated original data to determine modified data; (b) in a stage of distribution, distributing the user piece of software and the associated modified data to a user; and (c) in a stage of using the user piece of software together with the associated modified data on a user system, and in a substage of reconstituting the original data; (1) for a user possessing a reconstitution unit including a reconstitution secret: (i) subdividing the modified data into at least a first portion and a second portion; (ii) selecting the first portion of the modified data as an input parameter; (iii) transferring the input parameter from the user system to the reconstitution unit; (iv) enabling the reconstitution unit to determine at least one output parameter on the basis of the reconstitution secret and the input parameter; (v) transferring the output parameter from the reconstitution unit to the user system; and (vi) running at least one reconstitution function making use of at least a portion of the output parameter and the first and the second portion of the modified data to obtain the original data; and (2) for a user not possessing the reconstitution unit, allowing the user piece of software to be used at best with the modified data.
 3. A method of making a user piece of software secure by means of a user processing and memorizing unit containing at least one reconstitution secret, said piece of software operating on a user data processing system, and the method comprising the following steps: (a) in a stage of generating modified data: (1) and in a substage of creating data, using a generation piece of software to establish original data associated with the user piece of software; (2) and in a modification substage, using a generation secret and at least a portion of the associated original data to determine modified data; (b) in a stage of distribution, distributing the user piece of software and the associated modified data to a user; and (c) in a stage of using the user piece of software together with the associated modified data on a user system, and in a substage of reconstituting the original data; (1) for a user possessing a reconstitution unit including a reconstitution secret: (i) subdividing the modified data into at least a first portion, a second portion and a third portion; (ii) using at least the first portion and the third portion of the modified data to determine an input parameter; (iii) transferring the input parameter from the user system to the reconstitution unit; (iv) enabling the reconstitution unit to determine at least one output parameter on the basis of the reconstitution secret and the input parameter; (v) transferring the output parameter from the reconstitution unit to the user system; and (vi) running at least one reconstitution function making use of at least a portion of the output parameter, the first portion and the second portion of the modified data to obtain the original data; and (2) for a user not possessing the reconstitution unit, allowing the user piece of software to be used at best with the modified data.
 4. A method according to claims 2 or 3, further comprising the steps of: (a) selecting as the input parameter an intermediate input parameter defined by the user system from an intermediate translation function using a portion of the modified data; and (b) determining the output parameter from the reconstitution secret and the input parameter as constituted by the intermediate input parameter and optionally the third portion of the data.
 5. A method according to claims 1, 2 or 3, further comprising the step of determining the modified data from a generation secret contained in a generation processing and memorizing unit.
 6. A method according to claims 1, 2 or 3, further comprising the step of determining the modified data from a generation secret associated with a generation piece of software.
 7. A method according to claims 2 or 3, further comprising the steps of repeating the following operations n times, where n≧1: (a) subdividing previously obtained data at least into first and second portions; (b) determining at least one output parameter on the basis of a function of a portion of the data and of one or more user secrets different from or identical to the previously used secret(s); (c) modifying at least one of the other portions of the data by means of a translation function identical to or different from the function used previously; and (d) reconstituting the data after each stage of processing the data.
 8. A method according to claim 7, wherein in the substage of reconstituting the original data, further comprising the steps of: (a) in a first processing step: (1) subdividing the modified data into at least a first portion and a second portion; (2) using at least part of the second portion as the input parameter for the reconstitution unit in order to recover the first portion of the original data; and (3) making up intermediate data comprising at least the first portion of the original data and the modified second portion of the data; and (b) in a second processing step: (1) using at least part of the first portion of the data as an input parameter for the reconstitution unit in order to recover the second portion of the original data; and (2) reconstituting the original data from the first portion and the second portion of the data.
 9. A method according to claim 7, further comprising the steps of performing the operations of translating the original data to obtain modified data n times, wherein n≧1, said operations being performed in the reverse order to the operations for translating the modified data into original data.
 10. A method according to claims 1, 2 or 3, further comprising the step of writing modified data onto a data storage medium associated with the user system to enable the modified data to be used during a stage of running the user piece of software.
 11. A method according to claim 8, further comprising the step of performing the operations of translating the original data to obtain modified data n times, wherein n≧1, said operations being performed in the reverse order to the operations for translating the modified data into original data. 